def testSalesforcePermissions(self):
""" Make sure that the Manager role has the Salesforce read and write permissions,
by default. """
self.setRoles(())
self.failIf(checkPermission(SalesforceRead, self.portal))
self.failIf(checkPermission(SalesforceWrite, self.portal))
self.setRoles(('Manager',))
self.failUnless(checkPermission(SalesforceRead, self.portal))
self.failUnless(checkPermission(SalesforceWrite, self.portal))
def testSalesforcePermissions(self):
""" Make sure that the Manager role has the Salesforce read and write permissions,
by default. """
self.setRoles(())
self.failIf(checkPermission(SalesforceRead, self.portal))
self.failIf(checkPermission(SalesforceWrite, self.portal))
self.setRoles(('Manager', ))
self.failUnless(checkPermission(SalesforceRead, self.portal))
self.failUnless(checkPermission(SalesforceWrite, self.portal))
def test_join_policy_admin(self):
"""
in an admin managed workspace, a user needs the
manage workspace permission to update users
"""
self.login_as_portal_owner()
workspace = api.content.create(
self.workspace_container,
'ploneintranet.workspace.workspacefolder',
'workspace'
)
workspace.join_policy = 'admin'
username = '******'
api.user.create(username=username, email='*****@*****.**')
self.add_user_to_workspace(username, workspace)
self.login(username)
self.assertFalse(
checkPermission(
"ploneintranet.workspace: Manage workspace",
workspace
),
)
# we're not relying on Manage roster anywhere, but verify anyway
self.assertFalse(
checkPermission(
'collective.workspace: Manage roster',
workspace
),
)
self.request['REQUEST_METHOD'] = 'POST'
edit_form = EditRoster(workspace, self.request)
settings = [
{
'id': 'wsadmin',
'member': True,
'admin': False,
},
{
'id': 'wsmember',
'member': True,
},
]
self.assertRaises(
Unauthorized,
edit_form.update_users,
settings,
)
def test_join_policy_team(self):
"""
in a team managed workspace a user only needs the view roster
permission to update users
"""
self.login_as_portal_owner()
workspace = api.content.create(
self.workspace_container,
'ploneintranet.workspace.workspacefolder', 'workspace')
workspace.join_policy = 'team'
username = '******'
api.user.create(username=username, email='*****@*****.**')
self.add_user_to_workspace(username, workspace)
self.login(username)
self.assertTrue(
checkPermission('collective.workspace: View roster', workspace), )
self.request['REQUEST_METHOD'] = 'POST'
edit_form = EditRoster(workspace, self.request)
settings = [
{
'id': 'member2',
'member': True,
},
{
'id': 'regular_member',
'member': True,
},
]
edit_form.update_users(settings)
def can_manage_workspace(self):
"""
does this user have permission to manage the workspace
"""
return checkPermission(
"ploneintranet.workspace: Manage workspace",
self.context,
)
def can_manage_workspace(self):
"""
does this user have permission to manage the workspace
"""
return checkPermission(
"ploneintranet.workspace: Manage workspace",
self.context,
)
def update_users(self, entries):
"""Update user properties on the roster """
ws = IWorkspace(self.context)
members = ws.members
# check user permissions against join policy
join_policy = self.context.join_policy
if (join_policy == "admin"
and not checkPermission(
"collective.workspace: Manage roster",
self.context)):
raise Unauthorized("You are not allowed to add users here")
for entry in entries:
id = entry.get('id')
is_member = bool(entry.get('member'))
is_admin = bool(entry.get('admin'))
# Existing members
if id in members:
member = members[id]
if not is_member:
if checkPermission(
"ploneintranet.workspace: Manage workspace",
self.context):
ws.membership_factory(ws, member).remove_from_team()
else:
raise Unauthorized(
"Only team managers can remove members")
elif not is_admin:
ws.membership_factory(ws, member).groups -= {'Admins'}
else:
ws.membership_factory(ws, member).groups |= {'Admins'}
# New members
elif id not in members and (is_member or is_admin):
groups = set()
if is_admin:
groups.add('Admins')
ws.add_to_team(user=id, groups=groups)
def update_users(self, entries):
"""Update user properties on the roster """
ws = IWorkspace(self.context)
members = ws.members
# check user permissions against join policy
join_policy = self.context.join_policy
if (join_policy == "admin" and not checkPermission(
"ploneintranet.workspace: Manage workspace", self.context)):
raise Unauthorized("You are not allowed to add users here")
for entry in entries:
id = entry.get('id')
is_member = bool(entry.get('member'))
is_admin = bool(entry.get('admin'))
# Existing members
if id in members:
member = members[id]
if not is_member:
if checkPermission(
"ploneintranet.workspace: Manage workspace",
self.context):
ws.membership_factory(ws, member).remove_from_team()
else:
raise Unauthorized(
"Only team managers can remove members")
elif not is_admin:
ws.membership_factory(ws, member).groups -= {'Admins'}
else:
ws.membership_factory(ws, member).groups |= {'Admins'}
# New members
elif id not in members and (is_member or is_admin):
groups = set()
if is_admin:
groups.add('Admins')
ws.add_to_team(user=id, groups=groups)
def test_join_policy_team(self):
"""
in a team managed workspace a user only needs the view roster
permission to update users
"""
self.login_as_portal_owner()
workspace = api.content.create(
self.workspace_container,
'ploneintranet.workspace.workspacefolder',
'workspace'
)
workspace.join_policy = 'team'
username = '******'
api.user.create(username=username, email='*****@*****.**')
self.add_user_to_workspace(username, workspace)
self.login(username)
self.assertTrue(
checkPermission(
'collective.workspace: View roster',
workspace
),
)
self.request['REQUEST_METHOD'] = 'POST'
edit_form = EditRoster(workspace, self.request)
settings = [
{
'id': 'member2',
'member': True,
},
{
'id': 'regular_member',
'member': True,
},
]
edit_form.update_users(settings)
